Aggressive polymorphic malware doubles in July

Symantec says we should all look out for polymorphic malware, but its rise may not be sustained.

Malware

Cyber criminals were increasingly aggressive with their targeted attacks in July, upping their use of polymorphic malware.

Of all email-borne malware samples intercepted by Symantec in July, 23.7 per cent were what the security giant described as "aggressively unstable or rapidly changing forms of generic polymorphic malware."

This was more than double the same figure six months ago - an "alarming proliferation in such a short time," according to Symantec.

This kind of malware has been typically found inside an executable within an attached ZIP file disguised as a PDF file.

Polymorphic malware is particularly good at bypassing traditional anti-virus software.

"The most recent samples were specifically designed to evade detection by software emulators that often form part of the anti-virus engine installed on a target PC. Software emulation is designed to analyse the code and follow the flow of instructions, but only up to a point," the Symantec report read.

"One design element of this new breed of malware includes a series of unnecessary jump' instructions in the start-up code, which are introduced in between the real instructions specifically to confound the anti-virus engine detection."

Many have pointed to the risks of relying too heavily on anti-virus to protect an organisation.

Martin Lee, senior software engineer at Symantec, called on anti-virus providers to develop their products in line with cyber criminal innovation.

"There are powerful Darwinian forces acting on the development of malware by criminals," Lee told IT Pro.

"Those whose malware is easily detectable fail to infect computers, and fail to thrive in the cyber crime environment. On the other hand, those who look to innovate and improve' their malware, tend to infect more computers and acquire the resources to reinvest in further development and innovation."

As for whether the rise of aggressive, polymorphic malware will be sustained, Lee was unsure.

"Malware innovation and development never runs backwards. If the malware writers have mastered how to deploy polymorphic techniques and this provides clear benefits to the distribution of malware, then we will certainly see more of this technique used in the malware in circulation," he added.

"On the other hand, if it less successful than the malware writers hoped, and it proves difficult to use in practice, then we may not see the technique sustained. It's early days, we need to wait and see."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020